PT-2025-27281 · Ibm · Ibm Cognos Analytics
Published
2025-06-27
·
Updated
2025-06-28
·
CVE-2024-52900
CVSS v3.1
6.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
IBM Cognos Analytics versions 11.2.0 through 12.2.4 Fix Pack 5
IBM Cognos Analytics versions 12.0.0 through 12.0.4
Description:
This issue allows authenticated users to embed arbitrary JavaScript code in the Web UI, potentially leading to credentials disclosure within a trusted session. The vulnerability is classified as a stored cross-site scripting flaw, permitting authenticated users to alter the intended functionality of the application.
Recommendations:
For IBM Cognos Analytics versions 11.2.0 through 12.2.4 Fix Pack 5, update to a version that includes the fix for this issue.
For IBM Cognos Analytics versions 12.0.0 through 12.0.4, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the Web UI to minimize the risk of exploitation.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Cognos Analytics